SQL Injection Remote Code Execution Vulnerability (CVE-2023-40056)

Summary

SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account.

Affected Products

SolarWinds Platform 2023.4.1 and previous versions.

Fixed Software Release

SolarWinds Platform 2023.4.2

Acknowledgments

Alex Birnberg working with Trend Micro Zero Day Initiative

Advisory Details
Severity
High
Advisory ID

CVE-2023-40056

First Published
11/28/2023
Fixed Version

SolarWinds Platform 2023.4.2

CVSS Score

CVSS:3.1:AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Download PDF
Send an Email